Merge branch 'prep-release-3.0.12'

* prep-release-3.0.12: (443 commits)
  [prep-release-3.0.12] Update changelog for 3.0.12 release.
  [ticket/11873] Add unit test for large password input.
  [ticket/11873] Do not hash very large passwords in order to safe resources.
  [prep-release-3.0.12] Bumping version number for 3.0.12 final.
  [prep-release-3.0.12] Remove changelog entry for ticket that was not resolved.
  [prep-release-3.0.12] Update Changelog for 3.0.12-RC3 release.
  [prep-release-3.0.12] Bumping version number for 3.0.12-RC3.
  [ticket/11769] Allow using 0 as poster name
  [ticket/11769] Allow '0' as username
  [ticket/11769] Allow '0' as username in notification mails
  [ticket/11769] Fix language issues in the doc blocks
  [ticket/11769] Correctly supply the post author's username in posting.php
  [ticket/11802] replace $browser with $user->browser
  [ticket/11775] Fix doc blocks syntax
  [ticket/11775] Remove spaces at line ends
  [ticket/11775] Split test into multiple steps
  [ticket/11775] Add functional test for moving the last post
  [ticket/11775] Backport moving of the posting functions to 3.0
  [ticket/11775] Fix error when moving the last post to another topic
  [prep-release-3.0.12] Update Changelog for 3.0.12-RC2 release.
  ...

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.0.12-RC1" />
+	<property name="newversion" value="3.0.12" />
 	<property name="prevversion" value="3.0.11" />
-	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.12-RC1, 3.0.12-RC2, 3.0.12-RC3" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

phpBB/develop/mysql_upgrader.php

@@ -149,7 +149,8 @@ foreach ($schema_data as $table_name => $table_data)
 			list($orig_column_type, $column_length) = explode(':', $column_data[0]);
 			$column_type = sprintf($dbms_type_map['mysql_41'][$orig_column_type . ':'], $column_length);
 
-			if (isset($dbms_type_map['mysql_40'][$orig_column_type . ':']['limit'][0]))
+			if (isset($dbms_type_map['mysql_40'][$orig_column_type . ':']['limit']) &&
+				isset($dbms_type_map['mysql_40'][$orig_column_type . ':']['limit'][0]))
 			{
 				switch ($dbms_type_map['mysql_40'][$orig_column_type . ':']['limit'][0])
 				{
@@ -694,6 +695,24 @@ function get_schema_struct()
 		),
 	);
 
+	$schema_data['phpbb_login_attempts'] = array(
+		'COLUMNS'		=> array(
+			'attempt_ip'			=> array('VCHAR:40', ''),
+			'attempt_browser'		=> array('VCHAR:150', ''),
+			'attempt_forwarded_for'	=> array('VCHAR:255', ''),
+			'attempt_time'			=> array('TIMESTAMP', 0),
+			'user_id'				=> array('UINT', 0),
+			'username'				=> array('VCHAR_UNI:255', 0),
+			'username_clean'		=> array('VCHAR_CI', 0),
+		),
+		'KEYS'			=> array(
+			'att_ip'				=> array('INDEX', array('attempt_ip', 'attempt_time')),
+			'att_for'		=> array('INDEX', array('attempt_forwarded_for', 'attempt_time')),
+			'att_time'				=> array('INDEX', array('attempt_time')),
+			'user_id'					=> array('INDEX', 'user_id'),
+		),
+	);
+
 	$schema_data['phpbb_moderator_cache'] = array(
 		'COLUMNS'		=> array(
 			'forum_id'				=> array('UINT', 0),
@@ -897,6 +916,7 @@ function get_schema_struct()
 			'field_default_value'	=> array('VCHAR_UNI', ''),
 			'field_validation'		=> array('VCHAR_UNI:20', ''),
 			'field_required'		=> array('BOOL', 0),
+			'field_show_novalue'	=> array('BOOL', 0),
 			'field_show_on_reg'		=> array('BOOL', 0),
 			'field_show_on_vt'		=> array('BOOL', 0),
 			'field_show_profile'	=> array('BOOL', 0),
@@ -1396,5 +1416,3 @@ function get_schema_struct()
 
 	return $schema_data;
 }
-
-?>

phpBB/docs/CHANGELOG.html

@@ -152,7 +152,6 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11265">PHPBB3-11265</a>] - Functional tests do not assert that board installation succeeded</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11269">PHPBB3-11269</a>] - Travis functional test case errors</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11278">PHPBB3-11278</a>] - Firebird tables are not removed correctly on 3.0.9-rc1 update</li>
-<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11288">PHPBB3-11288</a>] - Search fooled by hyphens</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11291">PHPBB3-11291</a>] - &quot;Could not open input file: ../composer.phar&quot; error during phing's create-package</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11292">PHPBB3-11292</a>] - Newlines removed in display of PM reports, no clickable links in PM reports</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11301">PHPBB3-11301</a>] - &quot;String offset cast occured&quot; error on PHP 5.4</li>
@@ -190,6 +189,11 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11662">PHPBB3-11662</a>] - &quot;occured&quot; should be &quot;occurred&quot;</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11670">PHPBB3-11670</a>] - Replace trademark ™ with ® on &quot;Welcome to phpBB&quot; install page</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11674">PHPBB3-11674</a>] - Do not include vendor folder if there are no dependencies.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11524">PHPBB3-11524</a>] - MySQL Upgrader throws warnings on PHP 5.4</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11720">PHPBB3-11720</a>] - Reporting posts leads to white page error</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11769">PHPBB3-11769</a>] - Wrong poster in subscription email when poster is using the Quote button</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11775">PHPBB3-11775</a>] - Error while moving posts to a new topic</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11802">PHPBB3-11802</a>] - Undefined variable $browser in /download/file.php</li>
 </ul>
 <h4>Improvement</h4>
 <ul>
@@ -213,6 +217,8 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11294">PHPBB3-11294</a>] - Update extension list in running tests doc</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11368">PHPBB3-11368</a>] - Latest pm reports row count</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11583">PHPBB3-11583</a>] - InnoDB supports FULLTEXT index since MySQL 5.6.4.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11740">PHPBB3-11740</a>] - Update link in FAQ to Ideas Centre</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11873">PHPBB3-11873</a>] - Prevent expensive hash computation in phpbb_check_hash() by rejecting very long passwords</li>
 </ul>
 <h4>Sub-task</h4>
 <ul>
@@ -238,6 +244,8 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11529">PHPBB3-11529</a>] - Rename RUNNING_TESTS file to .md file to render it on GitHub</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11576">PHPBB3-11576</a>] - Make phpBB Test Suite MySQL behave at least as strict as phpBB MySQL driver</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11671">PHPBB3-11671</a>] - Add phing/phing to composer.json</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11752">PHPBB3-11752</a>] - Update phpBB.com URLs to https in email templates</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11753">PHPBB3-11753</a>] - Upgrade mysql_upgrader.php schema data.</li>
 </ul>
 
 	<a name="v3010"></a><h3>1.ii. Changes since 3.0.10</h3>

phpBB/download/file.php

@@ -285,7 +285,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE/* || $display_cat == ATTACHME
 	$db->sql_query($sql);
 }
 
-if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
+if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
 {
 	wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 	file_gc();

phpBB/includes/constants.php

@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.12-RC1');
+define('PHPBB_VERSION', '3.0.12');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -502,6 +502,13 @@ function phpbb_hash($password)
 */
 function phpbb_check_hash($password, $hash)
 {
+	if (strlen($password) > 4096)
+	{
+		// If the password is too huge, we will simply reject it
+		// and not let the server try to hash it.
+		return false;
+	}
+
 	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
 	if (strlen($hash) == 34)
 	{

phpBB/includes/functions_posting.php

@@ -2604,7 +2604,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	// Send Notifications
 	if (($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_approval)
 	{
-		$username = ($username) ? $username : $user->data['username'];
+		// If a username was supplied or the poster is a guest, we will use the supplied username.
+		// Doing it this way we can use "...post by guest-username..." in notifications when
+		// "guest-username" is supplied or ommit the username if it is not.
+		$username = ($username !== '' || !$user->data['is_registered']) ? $username : $user->data['username'];
 		user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id'], $username);
 	}
 

phpBB/includes/mcp/mcp_topic.php

@@ -668,10 +668,10 @@ function merge_posts($topic_id, $to_topic_id)
 			}
 
 			// If the topic no longer exist, we will update the topic watch table.
-			phpbb_update_rows_avoiding_duplicates_notify_status($db, TOPICS_WATCH_TABLE, 'topic_id', $topic_ids, $to_topic_id);
+			phpbb_update_rows_avoiding_duplicates_notify_status($db, TOPICS_WATCH_TABLE, 'topic_id', array($topic_id), $to_topic_id);
 
 			// If the topic no longer exist, we will update the bookmarks table.
-			phpbb_update_rows_avoiding_duplicates($db, BOOKMARKS_TABLE, 'topic_id', $topic_id, $to_topic_id);
+			phpbb_update_rows_avoiding_duplicates($db, BOOKMARKS_TABLE, 'topic_id', array($topic_id), $to_topic_id);
 		}
 
 		// Link to the new topic

phpBB/install/database_update.php

@@ -8,7 +8,7 @@
 *
 */
 
-define('UPDATES_TO_VERSION', '3.0.12-RC1');
+define('UPDATES_TO_VERSION', '3.0.12');
 
 // Enter any version to update from to test updates. The version within the db will not be updated.
 define('DEBUG_FROM_VERSION', false);
@@ -1005,6 +1005,12 @@ function database_update_info()
 		'3.0.11-RC2'	=> array(),
 		// No changes from 3.0.11 to 3.0.12-RC1
 		'3.0.11'		=> array(),
+		// No changes from 3.0.12-RC1 to 3.0.12-RC2
+		'3.0.12-RC1'	=> array(),
+		// No changes from 3.0.12-RC2 to 3.0.12-RC3
+		'3.0.12-RC2'	=> array(),
+		// No changes from 3.0.12-RC3 to 3.0.12
+		'3.0.12-RC3'	=> array(),
 
 		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.13-RC1 */
 	);
@@ -2236,6 +2242,18 @@ function change_database_data(&$no_updates, $version)
 
 			$no_updates = false;
 		break;
+
+		// No changes from 3.0.12-RC1 to 3.0.12-RC2
+		case '3.0.12-RC1':
+		break;
+
+		// No changes from 3.0.12-RC2 to 3.0.12-RC3
+		case '3.0.12-RC2':
+		break;
+
+		// No changes from 3.0.12-RC3 to 3.0.12
+		case '3.0.12-RC3':
+		break;
 	}
 }
 

phpBB/install/schemas/schema_data.sql

@@ -246,7 +246,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.12-RC1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.12');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/language/en/email/forum_notify.txt

@@ -2,7 +2,7 @@ Subject: Forum post notification - "{FORUM_NAME}"
 
 Hello {USERNAME},
 
-You are receiving this notification because you are watching the forum, "{FORUM_NAME}" at "{SITENAME}". This forum has received a new reply to the topic "{TOPIC_TITLE}"<!-- IF AUTHOR_NAME --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. You can use the following link to view the last unread reply, no more notifications will be sent until you visit the topic.
+You are receiving this notification because you are watching the forum, "{FORUM_NAME}" at "{SITENAME}". This forum has received a new reply to the topic "{TOPIC_TITLE}"<!-- IF AUTHOR_NAME !== '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. You can use the following link to view the last unread reply, no more notifications will be sent until you visit the topic.
 
 {U_NEWEST_POST}
 

phpBB/language/en/email/installed.txt

@@ -12,7 +12,7 @@ Username: {USERNAME}
 Board URL: {U_BOARD}
 ----------------------------
 
-Useful information regarding the phpBB software can be found in the docs folder of your installation and on phpBB.com's support page - http://www.phpbb.com/support/
+Useful information regarding the phpBB software can be found in the docs folder of your installation and on phpBB.com's support page - https://www.phpbb.com/support/
 
 In order to keep your board safe and secure, we highly recommended keeping current with software releases. For your convenience, a mailing list is available at the page referenced above.
 

phpBB/language/en/email/newtopic_notify.txt

@@ -2,7 +2,7 @@ Subject: New topic notification - "{FORUM_NAME}"
 
 Hello {USERNAME},
 
-You are receiving this notification because you are watching the forum, "{FORUM_NAME}" at "{SITENAME}". This forum has received a new topic<!-- IF AUTHOR_NAME --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit, "{TOPIC_TITLE}". You can use the following link to view the forum, no more notifications will be sent until you visit the forum.
+You are receiving this notification because you are watching the forum, "{FORUM_NAME}" at "{SITENAME}". This forum has received a new topic<!-- IF AUTHOR_NAME !== '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit, "{TOPIC_TITLE}". You can use the following link to view the forum, no more notifications will be sent until you visit the forum.
 
 {U_FORUM}
 

phpBB/language/en/email/topic_notify.txt

@@ -2,7 +2,7 @@ Subject: Topic reply notification - "{TOPIC_TITLE}"
 
 Hello {USERNAME},
 
-You are receiving this notification because you are watching the topic, "{TOPIC_TITLE}" at "{SITENAME}". This topic has received a reply<!-- IF AUTHOR_NAME --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic.
+You are receiving this notification because you are watching the topic, "{TOPIC_TITLE}" at "{SITENAME}". This topic has received a reply<!-- IF AUTHOR_NAME !== '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic.
 
 If you want to view the newest post made since your last visit, click the following link:
 {U_NEWEST_POST}

phpBB/language/en/help_faq.php

@@ -333,7 +333,7 @@ $help = array(
 	),
 	array(
 		0 => 'Why isn’t X feature available?',
-		1 => 'This software was written by and licensed through phpBB Group. If you believe a feature needs to be added, or you want to report a bug, please visit the phpBB <a href="http://area51.phpbb.com/">Area51</a> website, where you will find resources to do so.'
+		1 => 'This software was written by and licensed through phpBB Group. If you believe a feature needs to be added please visit the <a href="https://www.phpbb.com/ideas/">phpBB Ideas Centre</a>, where you can upvote existing ideas or suggest new features.'
 	),
 	array(
 		0 => 'Who do I contact about abusive and/or legal matters related to this board?',

phpBB/posting.php

@@ -1131,8 +1131,14 @@ if ($submit || $preview || $refresh)
 				$data['topic_replies'] = $post_data['topic_replies'];
 			}
 
+			// Only return the username when it is either a guest posting or we are editing a post and
+			// the username was supplied; otherwise post_data might hold the data of the post that is
+			// being quoted (which could result in the username being returned being that of the quoted
+			// post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
+			$post_author_name = ((!$user->data['is_registered'] || $mode == 'edit') && $post_data['username'] !== '') ? $post_data['username'] : '';
+
 			// The last parameter tells submit_post if search indexer has to be run
-			$redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
+			$redirect_url = submit_post($mode, $post_data['post_subject'], $post_author_name, $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
 
 			if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
 			{

phpBB/report.php

@@ -146,11 +146,14 @@ $s_hidden_fields = '';
 // Submit report?
 if ($submit && $reason_id)
 {
+	if (isset($captcha))
+	{
 		$visual_confirmation_response = $captcha->validate();
 		if ($visual_confirmation_response)
 		{
 			$error[] = $visual_confirmation_response;
 		}
+	}
 
 	$sql = 'SELECT *
 		FROM ' . REPORTS_REASONS_TABLE . "

tests/functional/mcp_test.php

@@ -0,0 +1,67 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @group functional
+*/
+class phpbb_functional_mcp_test extends phpbb_functional_test_case
+{
+	public function test_post_new_topic()
+	{
+		$this->login();
+
+		// Test creating topic
+		$post = $this->create_topic(2, 'Test Topic 2', 'Testing move post with "Move posts" option from Quick-Moderator Tools.');
+
+		$crawler = self::request('GET', "viewtopic.php?t={$post['topic_id']}&sid={$this->sid}");
+		$this->assertContains('Testing move post with "Move posts" option from Quick-Moderator Tools.', $crawler->filter('html')->text());
+
+		return $crawler;
+	}
+
+	/**
+	* @depends test_post_new_topic
+	*/
+	public function test_handle_quickmod($crawler)
+	{
+		// Test moving a post
+		$form = $crawler->selectButton('Go')->eq(1)->form();
+		$form['action']->select('merge');
+		$crawler = self::submit($form);
+
+		return $crawler;
+	}
+
+	/**
+	* @depends test_handle_quickmod
+	*/
+	public function test_move_post_to_topic($crawler)
+	{
+		// Select the post in MCP
+		$form = $crawler->selectButton($this->lang('SUBMIT'))->form(array(
+			'to_topic_id'	=> 1,
+		));
+		$form['post_id_list'][0]->tick();
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('MERGE_POSTS'), $crawler->filter('html')->text());
+
+		return $crawler;
+	}
+
+	/**
+	* @depends test_move_post_to_topic
+	*/
+	public function test_confirm_result($crawler)
+	{
+		$this->add_lang('mcp');
+		$form = $crawler->selectButton('Yes')->form();
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('POSTS_MERGED_SUCCESS'), $crawler->text());
+	}
+}

tests/functional/posting_test.php

@@ -32,105 +32,4 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case
 		$crawler = self::request('GET', "posting.php?mode=quote&f=2&t={$post2['topic_id']}&p={$post2['post_id']}&sid={$this->sid}");
 		$this->assertContains('This is a test post posted by the testing framework.', $crawler->filter('html')->text());
 	}
-
-	/**
-	* Creates a topic
-	* 
-	* Be sure to login before creating
-	* 
-	* @param int $forum_id
-	* @param string $subject
-	* @param string $message
-	* @param array $additional_form_data Any additional form data to be sent in the request
-	* @return array post_id, topic_id
-	*/
-	public function create_topic($forum_id, $subject, $message, $additional_form_data = array())
-	{
-		$posting_url = "posting.php?mode=post&f={$forum_id}&sid={$this->sid}";
-
-		$form_data = array_merge(array(
-			'subject'		=> $subject,
-			'message'		=> $message,
-			'post'			=> true,
-		), $additional_form_data);
-
-		return self::submit_post($posting_url, 'POST_TOPIC', $form_data);
-	}
-
-	/**
-	* Creates a post
-	* 
-	* Be sure to login before creating
-	* 
-	* @param int $forum_id
-	* @param string $subject
-	* @param string $message
-	* @param array $additional_form_data Any additional form data to be sent in the request
-	* @return array post_id, topic_id
-	*/
-	public function create_post($forum_id, $topic_id, $subject, $message, $additional_form_data = array())
-	{
-		$posting_url = "posting.php?mode=reply&f={$forum_id}&t={$topic_id}&sid={$this->sid}";
-
-		$form_data = array_merge(array(
-			'subject'		=> $subject,
-			'message'		=> $message,
-			'post'			=> true,
-		), $additional_form_data);
-
-		return self::submit_post($posting_url, 'POST_REPLY', $form_data);
-	}
-	
-	/**
-	* Helper for submitting posts
-	* 
-	* @param string $posting_url
-	* @param string $posting_contains
-	* @param array $form_data
-	* @return array post_id, topic_id
-	*/
-	protected function submit_post($posting_url, $posting_contains, $form_data)
-	{
-		$this->add_lang('posting');
-
-		$crawler = self::request('GET', $posting_url);
-		$this->assertContains($this->lang($posting_contains), $crawler->filter('html')->text());
-
-		$hidden_fields = array(
-			$crawler->filter('[type="hidden"]')->each(function ($node, $i) {
-				return array('name' => $node->getAttribute('name'), 'value' => $node->getAttribute('value'));
-			}),
-		);
-
-		foreach ($hidden_fields as $fields)
-		{
-			foreach($fields as $field)
-			{
-				$form_data[$field['name']] = $field['value'];
-			}
-		}
-
-		// Bypass time restriction that said that if the lastclick time (i.e. time when the form was opened)
-		// is not at least 2 seconds before submission, cancel the form
-		$form_data['lastclick'] = 0;
-
-		// I use a request because the form submission method does not allow you to send data that is not
-		// contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs)
-		// Instead, I send it as a request with the submit button "post" set to true.
-		$crawler = self::request('POST', $posting_url, $form_data);
-		$this->assertContains($this->lang('POST_STORED'), $crawler->filter('html')->text());
-
-		$url = $crawler->selectLink($this->lang('VIEW_MESSAGE', '', ''))->link()->getUri();
-		
-		$matches = $topic_id = $post_id = false;
-		preg_match_all('#&t=([0-9]+)(&p=([0-9]+))?#', $url, $matches);
-		
-		$topic_id = (int) (isset($matches[1][0])) ? $matches[1][0] : 0;
-		$post_id = (int) (isset($matches[3][0])) ? $matches[3][0] : 0;
-
-		return array(
-			'topic_id'	=> $topic_id,
-			'post_id'	=> $post_id,
-		);
-	}
 }

tests/functional/report_post_captcha_test.php

@@ -12,13 +12,6 @@
  */
 class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_case
 {
-	public function test_user_report_post()
-	{
-		$this->login();
-		$crawler = self::request('GET', 'report.php?f=2&p=1');
-		$this->assertNotContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text());
-	}
-
 	public function test_guest_report_post()
 	{
 		$crawler = self::request('GET', 'report.php?f=2&p=1');
@@ -31,6 +24,18 @@ class phpbb_functional_report_post_captcha_test extends phpbb_functional_test_ca
 		$this->set_reporting_guest(-1);
 	}
 
+	public function test_user_report_post()
+	{
+		$this->login();
+		$crawler = self::request('GET', 'report.php?f=2&p=1');
+		$this->assertNotContains($this->lang('CONFIRM_CODE'), $crawler->filter('html')->text());
+
+		$this->add_lang('mcp');
+		$form = $crawler->selectButton($this->lang('SUBMIT'))->form();
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('POST_REPORTED_SUCCESS'), $crawler->text());
+	}
+
 	protected function set_reporting_guest($report_post_allowed)
 	{
 		$this->login();

tests/security/hash_test.php

@@ -17,5 +17,13 @@ class phpbb_security_hash_test extends phpbb_test_case
 		$this->assertTrue(phpbb_check_hash('test', '$P$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
 		$this->assertFalse(phpbb_check_hash('foo', '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
 	}
+
+	public function test_check_hash_with_large_input()
+	{
+		// 16 MB password, should be rejected quite fast
+		$start_time = time();
+		$this->assertFalse(phpbb_check_hash(str_repeat('a', 1024 * 1024 * 16), '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
+		$this->assertLessThanOrEqual(5, time() - $start_time);
+	}
 }
 

tests/test_framework/phpbb_functional_test_case.php

@@ -593,4 +593,135 @@ class phpbb_functional_test_case extends phpbb_test_case
 	{
 		self::assertEquals($status_code, self::$client->getResponse()->getStatus());
 	}
+
+	/**
+	* Creates a topic
+	*
+	* Be sure to login before creating
+	*
+	* @param int $forum_id
+	* @param string $subject
+	* @param string $message
+	* @param array $additional_form_data Any additional form data to be sent in the request
+	* @return array post_id, topic_id
+	*/
+	public function create_topic($forum_id, $subject, $message, $additional_form_data = array())
+	{
+		$posting_url = "posting.php?mode=post&f={$forum_id}&sid={$this->sid}";
+
+		$form_data = array_merge(array(
+			'subject'		=> $subject,
+			'message'		=> $message,
+			'post'			=> true,
+		), $additional_form_data);
+
+		return self::submit_post($posting_url, 'POST_TOPIC', $form_data);
+	}
+
+	/**
+	* Creates a post
+	*
+	* Be sure to login before creating
+	*
+	* @param int $forum_id
+	* @param int $topic_id
+	* @param string $subject
+	* @param string $message
+	* @param array $additional_form_data Any additional form data to be sent in the request
+	* @return array post_id, topic_id
+	*/
+	public function create_post($forum_id, $topic_id, $subject, $message, $additional_form_data = array())
+	{
+		$posting_url = "posting.php?mode=reply&f={$forum_id}&t={$topic_id}&sid={$this->sid}";
+
+		$form_data = array_merge(array(
+			'subject'		=> $subject,
+			'message'		=> $message,
+			'post'			=> true,
+		), $additional_form_data);
+
+		return self::submit_post($posting_url, 'POST_REPLY', $form_data);
+	}
+
+	/**
+	* Helper for submitting posts
+	*
+	* @param string $posting_url
+	* @param string $posting_contains
+	* @param array $form_data
+	* @return array post_id, topic_id
+	*/
+	protected function submit_post($posting_url, $posting_contains, $form_data)
+	{
+		$this->add_lang('posting');
+
+		$crawler = self::request('GET', $posting_url);
+		$this->assertContains($this->lang($posting_contains), $crawler->filter('html')->text());
+
+		$hidden_fields = array(
+			$crawler->filter('[type="hidden"]')->each(function ($node, $i) {
+				return array('name' => $node->getAttribute('name'), 'value' => $node->getAttribute('value'));
+			}),
+		);
+
+		foreach ($hidden_fields as $fields)
+		{
+			foreach($fields as $field)
+			{
+				$form_data[$field['name']] = $field['value'];
+			}
+		}
+
+		// Bypass time restriction that said that if the lastclick time (i.e. time when the form was opened)
+		// is not at least 2 seconds before submission, cancel the form
+		$form_data['lastclick'] = 0;
+
+		// I use a request because the form submission method does not allow you to send data that is not
+		// contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs)
+		// Instead, I send it as a request with the submit button "post" set to true.
+		$crawler = self::request('POST', $posting_url, $form_data);
+		$this->assertContains($this->lang('POST_STORED'), $crawler->filter('html')->text());
+		$url = $crawler->selectLink($this->lang('VIEW_MESSAGE', '', ''))->link()->getUri();
+
+		return array(
+			'topic_id'	=> $this->get_parameter_from_link($url, 't'),
+			'post_id'	=> $this->get_parameter_from_link($url, 'p'),
+		);
+	}
+
+	/**
+	* Returns the requested parameter from a URL
+	*
+	* @param	string	$url
+	* @param	string	$parameter
+	* @return		string	Value of the parameter in the URL, null if not set
+	*/
+	public function get_parameter_from_link($url, $parameter)
+	{
+		if (strpos($url, '?') === false)
+		{
+			return null;
+		}
+
+		$url_parts = explode('?', $url);
+		if (isset($url_parts[1]))
+		{
+			$url_parameters = $url_parts[1];
+			if (strpos($url_parameters, '#') !== false)
+			{
+				$url_parameters = explode('#', $url_parameters);
+				$url_parameters = $url_parameters[0];
+			}
+
+			foreach (explode('&', $url_parameters) as $url_param)
+			{
+				list($param, $value) = explode('=', $url_param);
+				if ($param == $parameter)
+				{
+					return $value;
+				}
+			}
+		}
+		return null;
+	}
 }